| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731. |
| Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php. |
| SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php. |
| SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 allows remote attackers to execute arbitrary SQL commands via the mes_id parameter. |
| SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action. |
| Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.16.04 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter in a details action. |
| Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members. |
| The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service (daemon crash) via a GET request. |
| SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action. |
| Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter. |
| SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php. |
| R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb. |
| Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter. |
| Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field. |
| Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121. |
| SQL injection vulnerability in login.aspx in ProSMDR allows remote attackers to execute arbitrary SQL commands via the txtUser parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions LinkPal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_loginfailed.asp, (2) z_admin_login.asp, (3) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
